BTW, you left out a key statement when quoting me that qualifies my statement. Mr. Otis mentioned "the permitting the submission of the message." However, a DKIM signature can be generated by someone else besides the originating domain, depending on OA SSP policies.
Absolutely right.
Therefore, the signer may not be domain that initally accepted message into the mail transport system.
Absolutely right again.
This type of signature claims a different type of responsibility than, "the permitting the submission of the message."
Absolutely right again! This type of signature is saying "Look, this message passed through my signing machine and the signature I affixed attests to the message content I saw when I signed it." This type of signing identity can be used as an input to a filtering process but it can't be assumed to be from the OA. Am I wrong? -- Arvel _______________________________________________ ietf-dkim mailing list <http://dkim.org>
